資安事件新聞週報 2024/11/11 ~ 2024/11/15

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2024/11/11 ~ 2024/11/15 1.重大弱點漏洞/後門/Exploit/Zero Day Fortinet 發布多個產品的安全性更新 https://www.cisa.gov/news-events/alerts/2024/11/12/fortinet-releases-security-updates-multiple-products https://www.fortiguard.com/psirt/FG-IR-23-396 https://www.fortiguard.com/psirt/FG-IR-23-475 https://www.fortiguard.com/psirt/FG-IR-24-144 https://www.fortiguard.com/psirt/FG-IR-24-199 Citrix 發佈 NetScaler 和 Citrix Session Recording 的安全性更新 https://www.cisa.gov/news-events/alerts/2024/11/12/citrix-releases-security-updates-netscaler-and-citrix-session-recording https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535?language=en_US https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US Citrix修補NetScaler設備高風險的記憶體安全漏洞 https://securityonline.info/citrix-netscaler-adc-and-gateway-vulnerabilities-put-organizations-at-risk/ New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration https://thehackernews.com/2024/11/new-flaws-in-citrix-virtual-apps-enable.html Checkpoint Gaia 中存在一個漏洞 CVE-2024-24914 https://nvd.nist.gov/vuln/detail/CVE-2024-24914 Cisco Unified Industrial Wireless Software CVE-2024-20418 https://nvd.nist.gov/vuln/detail/CVE-2024-20418 Cisco Nexus Dashboard Fabric Controller (NDFC) CVE-2024-20536 https://nvd.nist.gov/vuln/detail/CVE-2024-20536 Cisco Enterprise Chat and Email (ECE) CVE-2024-20484 https://nvd.nist.gov/vuln/detail/CVE-2024-20484 Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns https://thehackernews.com/2024/11/palo-alto-advises-securing-pan-os.html Palo Alto Networks 防火牆配置工具Expedition 驚傳重大漏洞遭利用 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11367 Palo Alto Networks針對防火牆用戶提出警告，指出其管理介面存在漏洞 https://www.ithome.com.tw/news/165950 HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities https://thehackernews.com/2024/11/hpe-issues-critical-security-patches.html 微軟發佈11月份安全性公告 https://msrc.microsoft.com/update-guide/releaseNote/2024-Nov https://www.cisa.gov/news-events/alerts/2024/11/12/microsoft-releases-november-2024-security-updates 微軟發布11月例行更新，修補4個零時差漏洞，其中2個已被用於實際攻擊 https://www.ithome.com.tw/news/165982 微軟針對Exchange使用者提出警告，對於可疑郵件顯示警示訊息 https://www.bleepingcomputer.com/news/security/unpatched-microsoft-exchange-server-flaw-enables-spoofing-attacks/ Microsoft Fixes 90 New Flaws, Including Actively Exploited NTLM and Task Scheduler Bugs https://thehackernews.com/2024/11/microsoft-fixes-90-new-vulnerabilities.html IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities https://www.ibm.com/support/pages/node/7176043 Adobe發布11月例行更新，修補旗下6款應用程式重大漏洞 https://www.ithome.com.tw/news/165984 Adobe 發布Photoshop 安全更新 https://helpx.adobe.com/security/products/photoshop/apsb24-89.html Security Flaws in Popular ML Toolkits Enable Server Hijacks, Privilege Escalation https://thehackernews.com/2024/11/security-flaws-in-popular-ml-toolkits.html OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution https://thehackernews.com/2024/11/ovrc-platform-vulnerabilities-expose.html Zoom針對旗下視訊會議及通訊平臺修補高風險漏洞 https://www.ithome.com.tw/news/166045 Ivanti為VPN系統、NAC、遠端存取工具重大漏洞進行修補 https://securityonline.info/ivanti-connect-secure-policy-secure-and-secure-access-client-affected-by-critical-vulnerabilities/ Intel、AMD發布11月例行更新，為旗下晶片修補逾80項弱點 https://www.securityweek.com/chipmaker-patch-tuesday-intel-publishes-44-and-amd-publishes-8-new-advisories/ 機器學習工具存在漏洞，恐導致伺服器遭挾持、權限提升 https://thehackernews.com/2024/11/security-flaws-in-popular-ml-toolkits.html SAP針對Web Dispatcher修補高風險XSS漏洞 https://www.ithome.com.tw/news/166001 2.銀行/金融/保險/證券/金融監理新聞及資安 Gogolook 參與金管會自主實證攜手公股銀行跨界阻詐 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11362 中輸銀升級資安防護落實金融生態鏈的當責助企業與全球競合 https://csr.cw.com.tw/article/43868 兆豐銀科技反詐獲工商時報數位金融獎肯定 https://reurl.cc/G5Zl3v 台北富邦銀行連續四年榮獲「數位金融獎-數位資訊安全獎」肯定 https://money.udn.com/money/story/5636/8325357 凱基證券反詐和資安有成囊括兩大獎「數位資訊安全獎-反詐組、安全組」 https://money.udn.com/money/story/5613/8325828 公股銀網路外部攻擊衝高 9月起至少翻倍，有銀行甚至年增達3倍以上，主要為分散式阻斷服務攻擊及探測連線 https://www.chinatimes.com/newspapers/20241111000212-260205?chdtv ToxicPanda: a new banking trojan from Asia hit Europe and LATAM https://www.cleafy.com/cleafy-labs/toxicpanda-a-new-banking-trojan-from-asia-hit-europe-and-latam 3.信用卡/電子支付/行動支付/pay/支付系統/資安 LINE Pay台灣更上一層樓！丁雄注：12月轉上市，跨境支付韓國率先跑 https://www.gvm.com.tw/article/117061 遊日本用PayPay付錢免手續費！台灣人如何用？哪些電子支付有支援一次看懂 https://www.sogi.com.tw/articles/how_to/6263370 中國最大支付平台出包！雙11「大當機」全網炸鍋 https://reurl.cc/eGvZej 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 Bitcoin Fog Founder Sentenced to 12 Years for Cryptocurrency Money Laundering https://thehackernews.com/2024/11/bitcoin-fog-founder-sentenced-to-12.html 川普擁抱加密貨幣金管會促國內平台業者速登記否則有刑責 https://today.line.me/tw/v2/article/mWk2eRZ 加密貨幣網紅遭擄「5個月後曝屍野外」　加拿大1女嫌落網 https://www.ettoday.net/news/20241115/2855532.htm 川普內閣三大特色：反中、親商、挺加密貨幣 https://money.udn.com/money/story/122381/8354837?from=edn_VIP_index_side 偽造合同與簽名兩華人涉加密貨幣欺詐被訴 https://www.epochtimes.com/b5/24/11/15/n14371660.htm 金管會要介入監管加密貨幣？楊金龍認為馬斯克很會操縱市場 https://reurl.cc/gekE9L 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC Chrome應用程式綁定機制被繞過，竊資軟體Glove竊取經加密處理的Cookie https://www.bleepingcomputer.com/news/security/new-glove-infostealer-malware-bypasses-google-chromes-cookie-encryption/ 惡意程式載入工具Emmenhtal Loader透過系統內建工具，傳送竊資軟體LummaC2 https://hackread.com/emmenhtal-loader-uses-scripts-deliver-lumma-malware/ 資安業者Bitdefender打造勒索軟體ShrinkLocker解密工具，藉由復原BitLocker密碼還原檔案 https://www.bleepingcomputer.com/news/security/new-shrinklocker-ransomware-decryptor-recovers-bitlocker-password/ 伊朗駭客發起Dream Job攻擊行動，鎖定航太產業散布惡意軟體SnailResin https://securityonline.info/iranian-dream-job-campaign-targets-aerospace-industry-with-snailresin-malware/ 惡意軟體GootLoader鎖定澳洲，針對愛貓人士而來 https://www.ithome.com.tw/news/165964 下載GitHub電腦版請小心！攻擊者透過多個管道散播假冒此工具的惡意軟體Fickle Stealer https://www.ithome.com.tw/news/165968 攻擊者積極利用ZIP檔案串接手法，意圖隱藏惡意軟體 https://www.ithome.com.tw/news/165954 惡意NPM套件鎖定Roblox開發者而來，意圖進行供應鏈攻擊 https://securityonline.info/roblox-developers-targeted-in-supply-chain-attack-with-malicious-npm-packages/ 勒索軟體Ymir夥同竊資軟體RustyStealer，攻擊受害組織 https://www.bleepingcomputer.com/news/security/new-ymir-ransomware-partners-with-rustystealer-in-attacks/ 中國駭客Earth Estries濫用視窗作業系統內建防毒元件，持續於受害環境活動 https://securityonline.info/earth-estries-evolving-toolkit-a-deep-dive-into-their-advanced-techniques/ 名稱只差正版一個字，惡意Python套件fabrice魚目混珠，專門竊取AWS金鑰 https://www.ithome.com.tw/news/165937 圖博網站遭中國駭客鎖定，植入惡意軟體 https://www.securityweek.com/chinese-hackers-target-tibetan-websites-in-malware-attack-cybersecurity-group-says/ 竊資軟體Strela Stealer活動升溫，駭客組織Hive0145藉此對烏克蘭下手 https://securityintelligence.com/x-force/strela-stealer-todays-invoice-tomorrows-phish/ 木馬程式RustyAttr濫用macOS檔案延伸屬性，埋藏惡意程式碼 https://www.bleepingcomputer.com/news/security/hackers-use-macos-extended-file-attributes-to-hide-malicious-code/ 中國駭客APT41鎖定東南亞而來，利用惡意軟體框架DeepData Framework跟蹤政治人物與記者 https://www.ithome.com.tw/news/166040 竊資軟體Androxgh0st與殭屍網路Mozi狼狽為奸，加劇物聯網裝置威脅 https://hackread.com/androxgh0st-botnet-integrate-mozi-iot-vulnerabilities/ Veeam備份軟體漏洞再傳遭到利用，勒索軟體Frag將其用於攻擊行動 https://www.bleepingcomputer.com/news/security/critical-veeam-rce-bug-now-used-in-frag-ransomware-attacks/ 惡意軟體GootLoader鎖定澳洲，針對愛貓人士下手 https://securityonline.info/bengal-cat-lovers-in-australia-targeted-by-gootloader-malware/ 竊資軟體Rhadamantys出現變種，駭客假借侵權名義散布 https://securityonline.info/new-rhadamanthys-stealer-rhadamanthys-07-mimics-copyright-notices-to-phish-global-targets/ 北韓駭客使用跨平臺應用程式框架Flutter打包惡意酬載，鎖定macOS用戶而來 https://www.ithome.com.tw/news/166000 New Trend in MSI File Abuse: New Use of MST Files to Deliver Tromas https://ti.qianxin.com/blog/articles/new%20-trend-in-msi-file-abuse-new-oceanlotus-group-first-to-use-mst-files-to-deliver-special-trojan-en/ AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services https://thehackernews.com/2024/11/androxgh0st-malware-integrates-mozi.html Malicious NPM Packages Target Roblox Users with Data-Stealing Malware https://thehackernews.com/2024/11/malicious-npm-packages-target-roblox.html Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware https://thehackernews.com/2024/11/cybercriminals-use-excel-exploit-to.html New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks https://thehackernews.com/2024/11/new-ymir-ransomware-exploits-memory-for.html Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks https://thehackernews.com/2024/11/iranian-hackers-use-dream-job-lures-to.html 5 BCDR Oversights That Leave You Exposed to Ransomware https://thehackernews.com/2024/11/5-bcdr-oversights-that-leave-you-exposed-to-ransomware.html New RustyAttr Malware Targets macOS Through Extended Attribute Abuse https://thehackernews.com/2024/11/new-rustyattr-malware-targets-macos.html Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails https://thehackernews.com/2024/11/russian-hackers-exploit-new-ntlm-flaw.html Free Decryptor Released for BitLocker-Based ShrinkLocker Ransomware Victims https://thehackernews.com/2024/11/free-decryptor-released-for-bitlocker.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊防止iPhone未經授權存取，iOS 18.1加入4天未解鎖自動重開機功能 https://www.ithome.com.tw/news/165979 安卓惡意軟體SpyNote假冒防毒軟體，暗中在後臺取得多項權限 https://securityonline.info/spynote-malware-fake-antivirus-targets-android-users-in-sophisticated-new-campaign/ 資安專家警告「中國木馬竄全球」偽裝成常用APP竊取銀行帳密、存款 https://reurl.cc/864OEj C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力電子元件製造商國巨證實子公司遭遇網路攻擊，並透露損失情形 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=185813&SPOKE_DATE=20241108&COMPANY_ID=2327 冒牌電子商務網站透過SEO下毒散布，攻擊者先攻擊合法網站左右搜尋引擎結果，引誘受害者上門 https://www.ithome.com.tw/news/165966 中國駭客Volt Typhoon傳出捲土重來，再度建置殭屍網路 https://www.ithome.com.tw/news/166019 美國電信業者遭駭，當局證實中國駭客竊取部分政府官員的私密通訊內容 https://www.ithome.com.tw/news/166051 美運輸安全管理局擬立法強制鐵路與管線業者通報網安事件 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11371 俄羅斯駭客利用NTLM雜湊洩漏欺騙零時差漏洞，攻擊烏克蘭企業組織 https://www.ithome.com.tw/news/166013 North Korean remote workers landing jobs in the West https://www.zscaler.com/blogs/security-research/pyongyang-your-payroll-rise-north-korean-remote-workers-west https://raw.githubusercontent.com/ThreatLabz/iocs/refs/heads/main/contagiousinterview/beavertail_hashes.txt https://raw.githubusercontent.com/ThreatLabz/iocs/refs/heads/main/contagiousinterview/beavertail_installation_package_hashes.txt https://raw.githubusercontent.com/ThreatLabz/iocs/refs/heads/main/contagiousinterview/c2s.txt https://raw.githubusercontent.com/ThreatLabz/iocs/refs/heads/main/contagiousinterview/packed_beavertail_hashes.txt Analysis of Cyber Reconnaissance Activities Behind APT37 Threats https://www.genians.co.kr/blog/threat_intelligence/apt37_recon 中國駭客IcePeony與巴基斯坦駭客Transparent Tribe同流合汙，使用雲端工具攻擊印度企業組織 https://thehackernews.com/2024/11/icepeony-and-transparent-tribe-target.html IcePeony and Transparent Tribe Target Indian Entities with Cloud-Based Tools https://thehackernews.com/2024/11/icepeony-and-transparent-tribe-target.html New GootLoader Campaign Targets Users Searching for Bengal Cat Laws in Australia https://thehackernews.com/2024/11/new-gootloader-campaign-targets-users.html Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel https://thehackernews.com/2024/11/hamas-affiliated-wirte-employs-samecoin.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全駭客利用Office已知漏洞，透過網路釣魚散布Remcos RAT https://www.ithome.com.tw/news/166003 Amazon坦承員工資料在MOVEit相關資安事件中外洩 https://www.ithome.com.tw/news/165980 因第三方供應商遭受MOVEit事故波及，Amazon證實資料外洩 https://www.bleepingcomputer.com/news/security/amazon-confirms-employee-data-breach-after-vendor-hack/ 惡意工具GoIssue聲稱可對GitHub用戶大規模從事網釣攻擊，開發者號召打手採用 https://thehackernews.com/2024/11/new-phishing-tool-goissue-targets.html 受害者損失8億看看這起深偽詐騙怎麼發生 https://www.technice.com.tw/techmanage/infosecurity/150610/ 資安公司：千萬別用Google搜尋這6個字！電腦恐被控制、金融個資外洩 https://reurl.cc/zpg790 2024年最糟10個密碼排行榜也有你的嗎 https://www.technice.com.tw/techmanage/infosecurity/150823/ 黑五詐騙潮鎖定網購族小心信用卡資料已外洩 https://www.technice.com.tw/techmanage/infosecurity/150762/ 「廣告實名制」2025上路打詐如何驗證廣告主身分？怎麼防冒名 https://news.pts.org.tw/article/724139 New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns https://thehackernews.com/2024/11/new-phishing-tool-goissue-targets.html TikTok Pixel Privacy Nightmare: A New Case Study https://thehackernews.com/2024/11/tiktok-pixel-privacy-nightmare-new-case.html E.研究報告/工具駭客利用 ZIP 檔案串接技術躲避資安偵測 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11369 5 Ways Behavioral Analytics is Revolutionizing Incident Response https://thehackernews.com/2024/11/5-ways-behavioral-analytics-is.html Comprehensive Guide to Building a Strong Browser Security Program https://thehackernews.com/2024/11/comprehensive-guide-to-building-strong.html F.商業 Gartner：2025年十大戰略技術趨勢 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11364 Check Point 發佈 2025 年九大網路安全趨勢預測 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11360 微軟情報安全聯盟納入1Password，強化身分驗證與存取管理 https://www.ithome.com.tw/news/166006 思科產品功能整合大進化，涵蓋網路、AI、資安，同時發表首款企業級Wi-Fi 7基地臺 https://www.ithome.com.tw/news/165974 網攻進入鐘點戰時代，Palo Alto Networks預估2026年3大威脅1小時發動 https://www.ithome.com.tw/news/165944 The vCISO Academy: Transforming MSPs and MSSPs into Cybersecurity Powerhouses https://thehackernews.com/2024/11/the-vciso-academy-transforming-msps-and.html The ROI of Security Investments: How Cybersecurity Leaders Prove It https://thehackernews.com/2024/11/the-roi-of-security-investments-how.html State of SaaS Security Report: Bold Moves Required to Secure SaaS in 2024 and Beyond https://thehackernews.com/expert-insights/2024/11/state-of-saas-security-report-bold.html Beyond Castle Walls: Operational Technology and Zero Trust https://thehackernews.com/expert-insights/2024/11/beyond-castle-walls-operational.html G.政府 NCC防堵詐騙簡訊祭出新措施，要求電信業者建立商業簡訊白名單機制 https://www.ithome.com.tw/news/166016 數發部全面體檢21萬公務員AI力，分級培訓打造智慧政府 https://www.cw.com.tw/article/5132644 數位發展部攜手金酒探索 5G 智慧轉型新契機 https://reurl.cc/465GkL 數位發展部數位產業署邀六都齊聚交流智慧治理應用典範 https://money.udn.com/money/story/11799/8337259 抗詐行動再一波！LINE 聯手數位發展部推「防詐動態警報」 https://linecorp.com/tw/pr/news/2024/1114/ 搶進國際供應鏈國家太空中心籌辦低軌通訊衛星產業論壇 https://reurl.cc/O57L7D 政府以海纜、微波、衛星多管齊下強化金門通訊韌性，數位部：年底如期完成773個衛星站點設置 https://www.ithome.com.tw/news/165999 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安英業達與VicOne攜手打造智慧及安全之車輛座艙系統 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11365 物聯網裝置雲端管理平臺OvrC存在漏洞，攻擊者可用來挾持裝置，發動RCE攻擊 https://www.ithome.com.tw/news/166043 D-Link已終止支援的NAS設備重大漏洞，傳出已被用於攻擊行動 https://www.ithome.com.tw/news/166015 施耐德電機針對Modicon控制器漏洞提出警告 https://securityonline.info/schneider-electric-warns-of-multiple-vulnerabilities-in-modicon-controllers/ 西門子遠端監控系統TeleControl Server Basic存在風險滿分漏洞，未經身分驗證的攻擊者可執行任意程式碼 https://securityonline.info/cve-2024-44102-cvss-10-found-in-siemens-telecontrol-server-basic-urgent-update-required/ 馬自達車載系統軟體漏洞，可允許駭客執行任意程式碼 https://www.ithome.com.tw/news/165935 I.教育訓練資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 2024 第九屆區塊鏈愛好者年會 2024/11/18 https://www.accupass.com/event/2409130849071943030502 Trustrade weekly TUESDAY ZOOM meeting! 2024/11/19 https://www.meetup.com/hong-kong-blockchain-business/events/rzkwqsygcpbzb/ Algorithms Study Group! 2024/11/19 https://www.meetup.com/codeseoul/events/rslrltygcpbzb/ Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/11/19 https://www.meetup.com/taiwan-code-camp/events/304284758/ Trustrade Business Networking powered by ZOOM 2024/11/19 https://www.meetup.com/sophisticated-blockchain-cryptocurrency-professionals/events/ffdghsygcpbzb/ Silicon Valley Business Networking (Online) 2024/11/19 https://www.meetup.com/hong-kong-startup-idea-to-ipo/events/xppjhtygcpbzb/ 資安五四三 2024/11/20 https://csa.kktix.cc/events/202411-543 Machine Learning Tech Talks 2024/11/20 https://www.meetup.com/machine-learning-tech-talks/events/304154748/ Slot 1 (APAC/EMEA) 2024/11/21 https://www.meetup.com/coop-casual-conference/events/lxqrltygcpbcc/ Session #9: Google AI Seminar (Virtual) 2024/11/21 https://www.meetup.com/meetup-group-epigxybb/events/304205745/ HackingThursday 固定聚會台北場 Taipei 2024/11/21 https://www.meetup.com/hackingthursday/events/fcmtntygcpbcc/ [Online] Philippine Bitcoin meetup 2024/11/21 https://www.meetup.com/philippine-bitcoiners/events/300961127/ 【安碁學苑】資安職能培訓｜安全程式開發管理師 2024/11/23 ~ 2024/12/21 https://acsiacad.kktix.cc/events/308914 Taoyuan WordPress Café 桃園咖啡小聚 #42 2024/11/23 https://www.meetup.com/taoyuan-wordpress-meetup/events/304123625/ #130 swirl: The Package for Learning and Teaching Data Science in R 2024/11/23 https://www.meetup.com/r-user-group-philippines/events/296013262/ Exploring Azure AI Services and Certification Pathways 2024/11/25 https://www.meetup.com/rladies-taipei/events/303989737/ Algorithms Study Group! 2024/11/26 https://www.meetup.com/codeseoul/events/rslrltygcpbjc/ Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/11/26 https://www.meetup.com/taiwan-code-camp/events/xfxtjtygcpbjc/ Trustrade Business Networking powered by ZOOM 2024/11/26 https://www.meetup.com/sophisticated-blockchain-cryptocurrency-professionals/events/ffdghsygcpbjc/ Trustrade weekly TUESDAY ZOOM meeting! 2024/11/26 https://www.meetup.com/hong-kong-blockchain-business/events/rzkwqsygcpbjc/ Silicon Valley Business Networking (Online) 2024/11/26 https://www.meetup.com/hong-kong-startup-idea-to-ipo/events/xppjhtygcpbjc/ Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/11/27 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/bmzxltygcpbkc/ 【2024 RMN ASIA】AI 驅動零售變革 · RMN重新定義行銷生態 2024/11/28 https://www.accupass.com/event/2409050256092193763570 Slot 1 (APAC/EMEA) 2024/11/28 https://www.meetup.com/coop-casual-conference/events/lxqrltygcpblc/ HackingThursday 固定聚會台北場 Taipei 2024/11/28 https://www.meetup.com/hackingthursday/events/fcmtntygcpblc/ 【TIRI線上董事、公司治理主管進修課程】漫談資安治理的盲點與對策 2024/11/29 https://www.accupass.com/event/2408290602361963077719 金融反詐 X AI深偽：資安實務專題講座（北部場） 2024/11/29 https://isipevent.kktix.cc/events/n165isip Threat Analyst Summit 2024 威脅分析師高峰會 2024/12/11 ~ 2024/12/12 https://teamt5tw.kktix.cc/events/tas2024 金融反詐 X AI深偽：資安實務專題講座（中部場）2024/12/16 https://isipevent.kktix.cc/events/m165isip Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/12/25 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/bmzxltygcqbhc/